From: Dave Airlie (airlied at domain csn.ul.ie)
Date: Wed 08 Aug 2001 - 14:27:27 IST
> iptables -t nat -A PREROUTING -i eth0 -d 1.2.3.4 -p TCP --dport 80 -j DNAT
> --to 10.2.3.4
(-p tcp --to 10.2.3.4:80 aesthetic rather than fixage :-)
check you gave a rule allowing packets across your firewall to port 80 on
10.2.3.4, otherwise it won't work...
even though by the sounds of your below stuff this seems to work... have
you connection tracking on?
do a telnet connection to port 80 on 1.2.3.4 instead of a browser it might
provide more info for you..
or send dump to us..
Dave.
>
> where eth0 is my network card connected to the router, 1.2.3.4 would be
> the public address reserved for my webserver and 10.2.3.4 would be the
> private address
>
> when i tried to connect with a browser it timed out so my first
> assumption was that i had accidentally firewalled myself out. i checked
> through the code and couldn't find anything so i ran tcpdump to see what i
> could see.
>
> this is where it got fruity. by using tcpdump on the two interfaces i was
> able to watch the packets arrive into the linux box get nat-ed and hit the
> webserver. i then saw the response go out from the webserver, hit the
> linux box, get natted and leave with the correct source and destination on
> eth0. but still the browser was timing out. i can only assume that messing
> with the packets somehow upset the browser.
>
> i don't know if anyone has seen this before and i am quite willing to
> accept that it's just me doing something stupid - i'm something of a
> newbie. if anyone can help me at all i'd much appreciate it.
>
> I'm running Mandrake 8.0 with kernel 2.4.3
>
> thanks
>
> John
>
>
-- 
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied at domain skynet.ie
pam_smb / Linux DecStation / Linux VAX / ILUG person
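
The first check suggested in the reply above (is there a rule letting the translated packets across the firewall to port 80 on 10.2.3.4, and is connection tracking covering the rest of the flow) can be run offline against an `iptables-save` dump. This is an added example, not part of the original thread: the sample ruleset is constructed, the function names are hypothetical, and the walk ignores `-s`/`-i`/`-o` matches and `!` negation.

```python
import ipaddress, shlex

# Constructed iptables-save sample (not from the post): the thread's DNAT rule, FORWARD policy DROP.
SAMPLE = """*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 1.2.3.4/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.2.3.4:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return (policies, rules) from iptables-save text; rules are (table, chain, opts)."""
    table, policies, rules = None, {}, []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[table, line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Simplification: each flag maps to the next token; "!" negation is not handled.
            rules.append((table, tok[1], {a: b for a, b in zip(tok[2:], tok[3:]) if a.startswith("-")}))
    return policies, rules

def forward_verdict(policies, rules, ip, port, proto, state):
    """First matching filter/FORWARD verdict for a packet to ip:port in a conntrack state."""
    for o in (o for t, c, o in rules if (t, c) == ("filter", "FORWARD")):
        st = o.get("--state") or o.get("--ctstate")
        dst = ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
        if (o.get("-j") in ("ACCEPT", "DROP", "REJECT") and (not st or state in st.split(","))
                and ipaddress.ip_address(ip) in dst
                and o.get("-p", proto) == proto and o.get("--dport", port) == port):
            return o["-j"]
    return policies.get(("filter", "FORWARD"), "ACCEPT")  # no rule matched: chain policy applies

def audit(dump):
    """Per DNAT rule: (ip, port, verdict for NEW packets, verdict for ESTABLISHED packets)."""
    policies, rules = parse(dump)
    out = []
    for table, _, o in rules:
        if table == "nat" and o.get("-j") == "DNAT":
            ip, _, port = o["--to-destination"].partition(":")
            a = (policies, rules, ip, port or o.get("--dport"), o.get("-p"))
            out.append((ip, a[3], forward_verdict(*a, "NEW"), forward_verdict(*a, "ESTABLISHED")))
    return out

print(audit(SAMPLE))
```

On the constructed sample the first packet of a connection to the translated address falls through to the DROP policy, while later packets would be accepted by the state rule; adding a FORWARD rule for 10.2.3.4 port 80 turns both verdicts into ACCEPT.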